@commercetools-frontend/constants 22.38.0 → 22.38.2

package/dist/commercetools-frontend-constants.cjs.dev.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 // NOTE: This string will be replaced on build time with the package version.
-var version = "22.38.0";
+var version = "22.38.2";
 
 /**
  * The project key must be between 2 and 36 characters long. It can only contain alphanumeric lowercase characters (a-z, 0-9),
@@ -152,20 +152,33 @@ const STORAGE_KEYS = {
   IS_FORCED_MENU_OPEN: 'isForcedMenuOpen',
   LOGIN_STRATEGY: 'loginStrategy'
 };
+const HTTP_SECURITY_HEADER_KEYS = {
+  'Content-Security-Policy': 'Content-Security-Policy',
+  'Referrer-Policy': 'Referrer-Policy',
+  'Permissions-Policy': 'Permissions-Policy',
+  'Strict-Transport-Security': 'Strict-Transport-Security',
+  'X-XSS-Protection': 'X-XSS-Protection',
+  'X-Content-Type-Options': 'X-Content-Type-Options',
+  'X-Frame-Options': 'X-Frame-Options'
+};
 const HTTP_SECURITY_HEADERS = {
-  'Referrer-Policy': 'same-origin',
-  'Permissions-Policy': 'microphone=(), camera=(), payment=(), usb=(), geolocation=()',
-  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
-  'X-XSS-Protection': '1; mode=block',
-  'X-Content-Type-Options': 'nosniff',
-  'X-Frame-Options': 'SAMEORIGIN'
+  [HTTP_SECURITY_HEADER_KEYS['Referrer-Policy']]: 'same-origin',
+  [HTTP_SECURITY_HEADER_KEYS['Permissions-Policy']]:
+  // Note: we need to use `(self)` to ensure that Custom Views (rendered within an `<iframe>`)
+  // can inherit the main application permissions policy and override other directives if needed.
+  'microphone=(self), camera=(self), payment=(self), usb=(self), geolocation=(self)',
+  [HTTP_SECURITY_HEADER_KEYS['Strict-Transport-Security']]: 'max-age=31536000; includeSubDomains; preload',
+  [HTTP_SECURITY_HEADER_KEYS['X-XSS-Protection']]: '1; mode=block',
+  [HTTP_SECURITY_HEADER_KEYS['X-Content-Type-Options']]: 'nosniff',
+  [HTTP_SECURITY_HEADER_KEYS['X-Frame-Options']]: 'SAMEORIGIN'
 };
 
 // Custom Views events (messages sent between the host application and the custom view)
 const CUSTOM_VIEWS_EVENTS_NAMES = {
   CUSTOM_VIEW_BOOTSTRAP: 'custom-view-bootstrap',
   CUSTOM_VIEW_INITIALIZATION: 'custom-view-initialization',
-  CUSTOM_VIEW_CLOSE: 'custom-view-close'
+  CUSTOM_VIEW_CLOSE: 'custom-view-close',
+  CUSTOM_VIEW_READY: 'custom-view-ready'
 };
 const CUSTOM_VIEWS_EVENTS_META = {
   HOST_APPLICATION_CODE: 'mc-host-application',
@@ -223,6 +236,7 @@ exports.GRAPHQL_TARGETS = GRAPHQL_TARGETS;
 exports.HIDE_ALL_PAGE_NOTIFICATIONS = HIDE_ALL_PAGE_NOTIFICATIONS;
 exports.HIDE_LOADING = HIDE_LOADING;
 exports.HTTP_SECURITY_HEADERS = HTTP_SECURITY_HEADERS;
+exports.HTTP_SECURITY_HEADER_KEYS = HTTP_SECURITY_HEADER_KEYS;
 exports.LOGIN_STRATEGY_DEFAULT = LOGIN_STRATEGY_DEFAULT;
 exports.LOGIN_STRATEGY_OIDC = LOGIN_STRATEGY_OIDC;
 exports.LOGIN_STRATEGY_SSO = LOGIN_STRATEGY_SSO;

package/dist/commercetools-frontend-constants.cjs.prod.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 // NOTE: This string will be replaced on build time with the package version.
-var version = "22.38.0";
+var version = "22.38.2";
 
 /**
  * The project key must be between 2 and 36 characters long. It can only contain alphanumeric lowercase characters (a-z, 0-9),
@@ -152,20 +152,33 @@ const STORAGE_KEYS = {
   IS_FORCED_MENU_OPEN: 'isForcedMenuOpen',
   LOGIN_STRATEGY: 'loginStrategy'
 };
+const HTTP_SECURITY_HEADER_KEYS = {
+  'Content-Security-Policy': 'Content-Security-Policy',
+  'Referrer-Policy': 'Referrer-Policy',
+  'Permissions-Policy': 'Permissions-Policy',
+  'Strict-Transport-Security': 'Strict-Transport-Security',
+  'X-XSS-Protection': 'X-XSS-Protection',
+  'X-Content-Type-Options': 'X-Content-Type-Options',
+  'X-Frame-Options': 'X-Frame-Options'
+};
 const HTTP_SECURITY_HEADERS = {
-  'Referrer-Policy': 'same-origin',
-  'Permissions-Policy': 'microphone=(), camera=(), payment=(), usb=(), geolocation=()',
-  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
-  'X-XSS-Protection': '1; mode=block',
-  'X-Content-Type-Options': 'nosniff',
-  'X-Frame-Options': 'SAMEORIGIN'
+  [HTTP_SECURITY_HEADER_KEYS['Referrer-Policy']]: 'same-origin',
+  [HTTP_SECURITY_HEADER_KEYS['Permissions-Policy']]:
+  // Note: we need to use `(self)` to ensure that Custom Views (rendered within an `<iframe>`)
+  // can inherit the main application permissions policy and override other directives if needed.
+  'microphone=(self), camera=(self), payment=(self), usb=(self), geolocation=(self)',
+  [HTTP_SECURITY_HEADER_KEYS['Strict-Transport-Security']]: 'max-age=31536000; includeSubDomains; preload',
+  [HTTP_SECURITY_HEADER_KEYS['X-XSS-Protection']]: '1; mode=block',
+  [HTTP_SECURITY_HEADER_KEYS['X-Content-Type-Options']]: 'nosniff',
+  [HTTP_SECURITY_HEADER_KEYS['X-Frame-Options']]: 'SAMEORIGIN'
 };
 
 // Custom Views events (messages sent between the host application and the custom view)
 const CUSTOM_VIEWS_EVENTS_NAMES = {
   CUSTOM_VIEW_BOOTSTRAP: 'custom-view-bootstrap',
   CUSTOM_VIEW_INITIALIZATION: 'custom-view-initialization',
-  CUSTOM_VIEW_CLOSE: 'custom-view-close'
+  CUSTOM_VIEW_CLOSE: 'custom-view-close',
+  CUSTOM_VIEW_READY: 'custom-view-ready'
 };
 const CUSTOM_VIEWS_EVENTS_META = {
   HOST_APPLICATION_CODE: 'mc-host-application',
@@ -223,6 +236,7 @@ exports.GRAPHQL_TARGETS = GRAPHQL_TARGETS;
 exports.HIDE_ALL_PAGE_NOTIFICATIONS = HIDE_ALL_PAGE_NOTIFICATIONS;
 exports.HIDE_LOADING = HIDE_LOADING;
 exports.HTTP_SECURITY_HEADERS = HTTP_SECURITY_HEADERS;
+exports.HTTP_SECURITY_HEADER_KEYS = HTTP_SECURITY_HEADER_KEYS;
 exports.LOGIN_STRATEGY_DEFAULT = LOGIN_STRATEGY_DEFAULT;
 exports.LOGIN_STRATEGY_OIDC = LOGIN_STRATEGY_OIDC;
 exports.LOGIN_STRATEGY_SSO = LOGIN_STRATEGY_SSO;

package/dist/commercetools-frontend-constants.esm.js

@@ -1,5 +1,5 @@
 // NOTE: This string will be replaced on build time with the package version.
-var version = "22.38.0";
+var version = "22.38.2";
 
 /**
  * The project key must be between 2 and 36 characters long. It can only contain alphanumeric lowercase characters (a-z, 0-9),
@@ -148,20 +148,33 @@ const STORAGE_KEYS = {
   IS_FORCED_MENU_OPEN: 'isForcedMenuOpen',
   LOGIN_STRATEGY: 'loginStrategy'
 };
+const HTTP_SECURITY_HEADER_KEYS = {
+  'Content-Security-Policy': 'Content-Security-Policy',
+  'Referrer-Policy': 'Referrer-Policy',
+  'Permissions-Policy': 'Permissions-Policy',
+  'Strict-Transport-Security': 'Strict-Transport-Security',
+  'X-XSS-Protection': 'X-XSS-Protection',
+  'X-Content-Type-Options': 'X-Content-Type-Options',
+  'X-Frame-Options': 'X-Frame-Options'
+};
 const HTTP_SECURITY_HEADERS = {
-  'Referrer-Policy': 'same-origin',
-  'Permissions-Policy': 'microphone=(), camera=(), payment=(), usb=(), geolocation=()',
-  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
-  'X-XSS-Protection': '1; mode=block',
-  'X-Content-Type-Options': 'nosniff',
-  'X-Frame-Options': 'SAMEORIGIN'
+  [HTTP_SECURITY_HEADER_KEYS['Referrer-Policy']]: 'same-origin',
+  [HTTP_SECURITY_HEADER_KEYS['Permissions-Policy']]:
+  // Note: we need to use `(self)` to ensure that Custom Views (rendered within an `<iframe>`)
+  // can inherit the main application permissions policy and override other directives if needed.
+  'microphone=(self), camera=(self), payment=(self), usb=(self), geolocation=(self)',
+  [HTTP_SECURITY_HEADER_KEYS['Strict-Transport-Security']]: 'max-age=31536000; includeSubDomains; preload',
+  [HTTP_SECURITY_HEADER_KEYS['X-XSS-Protection']]: '1; mode=block',
+  [HTTP_SECURITY_HEADER_KEYS['X-Content-Type-Options']]: 'nosniff',
+  [HTTP_SECURITY_HEADER_KEYS['X-Frame-Options']]: 'SAMEORIGIN'
 };
 
 // Custom Views events (messages sent between the host application and the custom view)
 const CUSTOM_VIEWS_EVENTS_NAMES = {
   CUSTOM_VIEW_BOOTSTRAP: 'custom-view-bootstrap',
   CUSTOM_VIEW_INITIALIZATION: 'custom-view-initialization',
-  CUSTOM_VIEW_CLOSE: 'custom-view-close'
+  CUSTOM_VIEW_CLOSE: 'custom-view-close',
+  CUSTOM_VIEW_READY: 'custom-view-ready'
 };
 const CUSTOM_VIEWS_EVENTS_META = {
   HOST_APPLICATION_CODE: 'mc-host-application',
@@ -210,4 +223,4 @@ var featureToggles = /*#__PURE__*/Object.freeze({
   DEFAULT_FLAGS: DEFAULT_FLAGS
 });
 
-export { CUSTOM_VIEWS_EVENTS_META, CUSTOM_VIEWS_EVENTS_NAMES, CUSTOM_VIEW_HOST_ENTRY_POINT_URI_PATH, DOMAINS, ENTRY_POINT_URI_PATH_REGEX, GRAPHQL_TARGETS, HIDE_ALL_PAGE_NOTIFICATIONS, HIDE_LOADING, HTTP_SECURITY_HEADERS, LOGIN_STRATEGY_DEFAULT, LOGIN_STRATEGY_OIDC, LOGIN_STRATEGY_SSO, LOGOUT_REASONS, MC_API_PROXY_TARGETS, NOTIFICATION_DOMAINS, NOTIFICATION_KINDS_GLOBAL, NOTIFICATION_KINDS_PAGE, NOTIFICATION_KINDS_SIDE, NO_VALUE_FALLBACK, ORGANIZATION_GENERAL_ERROR, PERMISSION_GROUP_NAME_REGEX, PORTALS_CONTAINER_ID, PORTALS_CONTAINER_INDENTATION_SIZE, PROJECT_KEY_REGEX, SHOW_LOADING, STATUS_CODES, STORAGE_KEYS, SUPPORTED_HEADERS, SUPPORT_PORTAL_URL, featureToggles as featureFlags, version };
+export { CUSTOM_VIEWS_EVENTS_META, CUSTOM_VIEWS_EVENTS_NAMES, CUSTOM_VIEW_HOST_ENTRY_POINT_URI_PATH, DOMAINS, ENTRY_POINT_URI_PATH_REGEX, GRAPHQL_TARGETS, HIDE_ALL_PAGE_NOTIFICATIONS, HIDE_LOADING, HTTP_SECURITY_HEADERS, HTTP_SECURITY_HEADER_KEYS, LOGIN_STRATEGY_DEFAULT, LOGIN_STRATEGY_OIDC, LOGIN_STRATEGY_SSO, LOGOUT_REASONS, MC_API_PROXY_TARGETS, NOTIFICATION_DOMAINS, NOTIFICATION_KINDS_GLOBAL, NOTIFICATION_KINDS_PAGE, NOTIFICATION_KINDS_SIDE, NO_VALUE_FALLBACK, ORGANIZATION_GENERAL_ERROR, PERMISSION_GROUP_NAME_REGEX, PORTALS_CONTAINER_ID, PORTALS_CONTAINER_INDENTATION_SIZE, PROJECT_KEY_REGEX, SHOW_LOADING, STATUS_CODES, STORAGE_KEYS, SUPPORTED_HEADERS, SUPPORT_PORTAL_URL, featureToggles as featureFlags, version };

package/dist/declarations/src/constants.d.ts

@@ -251,18 +251,29 @@ export declare const STORAGE_KEYS: {
     readonly IS_FORCED_MENU_OPEN: "isForcedMenuOpen";
     readonly LOGIN_STRATEGY: "loginStrategy";
 };
+export declare const HTTP_SECURITY_HEADER_KEYS: {
+    readonly 'Content-Security-Policy': "Content-Security-Policy";
+    readonly 'Referrer-Policy': "Referrer-Policy";
+    readonly 'Permissions-Policy': "Permissions-Policy";
+    readonly 'Strict-Transport-Security': "Strict-Transport-Security";
+    readonly 'X-XSS-Protection': "X-XSS-Protection";
+    readonly 'X-Content-Type-Options': "X-Content-Type-Options";
+    readonly 'X-Frame-Options': "X-Frame-Options";
+};
+export type THttpSecurityHeaders = keyof typeof HTTP_SECURITY_HEADER_KEYS;
 export declare const HTTP_SECURITY_HEADERS: {
-    readonly 'Referrer-Policy': "same-origin";
-    readonly 'Permissions-Policy': "microphone=(), camera=(), payment=(), usb=(), geolocation=()";
-    readonly 'Strict-Transport-Security': "max-age=31536000; includeSubDomains; preload";
-    readonly 'X-XSS-Protection': "1; mode=block";
-    readonly 'X-Content-Type-Options': "nosniff";
-    readonly 'X-Frame-Options': "SAMEORIGIN";
+    readonly "Referrer-Policy": "same-origin";
+    readonly "Permissions-Policy": "microphone=(self), camera=(self), payment=(self), usb=(self), geolocation=(self)";
+    readonly "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload";
+    readonly "X-XSS-Protection": "1; mode=block";
+    readonly "X-Content-Type-Options": "nosniff";
+    readonly "X-Frame-Options": "SAMEORIGIN";
 };
 export declare const CUSTOM_VIEWS_EVENTS_NAMES: {
     CUSTOM_VIEW_BOOTSTRAP: string;
     CUSTOM_VIEW_INITIALIZATION: string;
     CUSTOM_VIEW_CLOSE: string;
+    CUSTOM_VIEW_READY: string;
 };
 export declare const CUSTOM_VIEWS_EVENTS_META: {
     HOST_APPLICATION_CODE: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools-frontend/constants",
-  "version": "22.38.0",
+  "version": "22.38.2",
   "description": "Shared constants for MC applications",
   "bugs": "https://github.com/commercetools/merchant-center-application-kit/issues",
   "repository": {